Merge "jquery.accessKeyLabel: make modifier info public"

[lhc/web/wiklou.git] / includes / api / ApiOptions.php

diff --git a/includes/api/ApiOptions.php b/includes/api/ApiOptions.php
index 436f22a..7a90527 100644 (file)
--- a/includes/api/ApiOptions.php
+++ b/includes/api/ApiOptions.php
@@ -35,14 +35,10 @@ class ApiOptions extends ApiBase {
         * Changes preferences of the current user.
         */
        public function execute() {
-               $user = $this->getUser();
-
-               if ( $user->isAnon() ) {
+               if ( $this->getUser()->isAnon() ) {
                        $this->dieUsage( 'Anonymous users cannot change preferences', 'notloggedin' );
-               }
-
-               if ( !$user->isAllowed( 'editmyoptions' ) ) {
-                       $this->dieUsage( 'You don\'t have permission to edit your options', 'permissiondenied' );
+               } elseif ( !$this->getUser()->isAllowed( 'editmyoptions' ) ) {
+                       $this->dieUsage( "You don't have permission to edit your options", 'permissiondenied' );
                }
 
                $params = $this->extractRequestParams();
@@ -52,6 +48,12 @@ class ApiOptions extends ApiBase {
                        $this->dieUsageMsg( array( 'missingparam', 'optionname' ) );
                }
 
+               // Load the user from the master to reduce CAS errors on double post (T95839)
+               $user = $this->getUser()->getInstanceForUpdate();
+               if ( !$user ) {
+                       $this->dieUsage( 'Anonymous users cannot change preferences', 'notloggedin' );
+               }
+
                if ( $params['reset'] ) {
                        $user->resetOptions( $params['resetkinds'], $this->getContext() );
                        $changed = true;